Threat Intelligence
The Threat Intelligence feature of ALTCHA Sentinel adds real-time protection against malicious IP addresses by combining open-source intelligence feeds with automatic detection of abusive behavior. It’s designed to run quietly alongside your apps, APIs, or services, identifying and blocking threats before they cause harm.
This component enhances your security posture by aggregating dynamic blocklists (e.g., FireHOL) and combining them with live traffic analysis. It detects malicious activity such as brute-force attempts, vulnerability scans, and suspicious patterns like failed logins or rate-limit violations, and blocks the offending IPs automatically.
Whether you use Sentinel as a standalone abuse filter or as part of a broader bot protection strategy, the Threat Intelligence module provides a fast, reliable, and extensible way to stay ahead of known attackers.
How It Works
Sentinel automatically aggregates IP threat data from open-source feeds like FireHOL, combining this intelligence with real-time traffic monitoring. It catches abuse by deploying honeypots, detecting repeated failed logins, and monitoring traffic volume. This helps prevent common attack vectors such as credential stuffing, vulnerability scans, or bot scraping before they impact your system.
Key Capabilities
- Real-time threat detection and automated blocking of abusive IPs
- Periodic updates of blocklists from remote sources
- Support for custom blocklists via remote HTTP servers
- IP blocking by exact address or CIDR range, with support for both IPv4 and IPv6
- Accessible via a simple HTTP API for easy integration
- Fast IP lookups, even with millions of entries (sub-millisecond lookups in most cases)
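
The exact-address and CIDR matching listed above, for IPv4 and IPv6, as an added example that is not Sentinel's code or API: entries are indexed by prefix length, so a lookup costs one set probe per distinct prefix length instead of a scan of the whole list. The feed format (one address or CIDR per line, `#` comments), the `Blocklist` class and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample feed (documentation ranges only); '#' starts a comment.
SAMPLE_FEED = """\
# constructed blocklist sample
192.0.2.15
198.51.100.0/24
203.0.113.64/26   # trailing comment
2001:db8:bad::/48
2001:db8::1
not-an-ip
"""


class Blocklist:
    """Exact-address and CIDR matching for IPv4 and IPv6."""

    def __init__(self):
        # {ip_version: {prefix_length: set of network addresses as ints}}
        self._index = {4: {}, 6: {}}
        self.rejected = []  # feed lines that could not be parsed

    def load(self, text):
        for raw in text.splitlines():
            entry = raw.split("#", 1)[0].strip()
            if not entry:
                continue
            try:
                # strict=False masks host bits, so 10.1.2.3/8 becomes 10.0.0.0/8
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                self.rejected.append(entry)  # record it, do not guess a range
                continue
            bucket = self._index[net.version].setdefault(net.prefixlen, set())
            bucket.add(int(net.network_address))

    def match(self, address):
        """Return the matching entry as a string, or None if not listed."""
        ip = ipaddress.ip_address(address)
        # Treat ::ffff:a.b.c.d as the IPv4 address it carries.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        bits, value = ip.max_prefixlen, int(ip)
        # One set lookup per distinct prefix length, most specific first.
        for plen in sorted(self._index[ip.version], reverse=True):
            masked = (value >> (bits - plen)) << (bits - plen)
            if masked in self._index[ip.version][plen]:
                return f"{type(ip)(masked)}/{plen}"
        return None
```

Unparseable lines are collected in `rejected` so a malformed feed update can be reviewed rather than silently shrinking or widening what gets blocked.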